Organisations really need to start auditing the code they use, or using distributions that pool resources to do that work. Deploying code without doing one or the other can never not come with risks like this.